11 matches found
đ XWiki Blog Cross Site Scripting
XWiki Blog versions prior to 9.15.7 suffer from a persistent cross site scripting vulnerability via the blog post title. CVE-2025-66024: XWiki Blog Application home page vulnerable to Stored XSS via Post Title Overview | Field | Details | |---|---| | CVE ID | CVE-2025-66024 | | Severity | HIGH | ...
Exploit for CVE-2025-66024
CVE-2025-66024: XWiki Blog Application home page vulnerable to...
CVE-2025-66024
The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting XSS via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML tag without proper...
CVE-2025-66024
The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting XSS via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML tag without proper...
CVE-2025-66024
The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting XSS via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML tag without proper...
CVE-2025-66024 XWiki Blog Application home page vulnerable to Stored XSS via Post Title
The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting XSS via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML tag without proper...
CVE-2025-66024
CVE-2025-66024 affects the XWiki Blog Application UI (org.xwiki.contrib.blog:application-blog-ui) and involves a Stored XSS in the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML tag without proper escaping in versions prior to 9.15.7. An attac...
XWiki Blog Application home page vulnerable to Stored XSS via Post Title
Impact The Blog Application is vulnerable to Stored Cross-Site Scripting XSS via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML tag without proper escaping. An attacker with permissions to create or edit blog posts can inject malicious...
GHSA-H2XQ-H7F9-VH6C XWiki Blog Application home page vulnerable to Stored XSS via Post Title
Impact The Blog Application is vulnerable to Stored Cross-Site Scripting XSS via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML tag without proper escaping. An attacker with permissions to create or edit blog posts can inject malicious...
PT-2026-23065
Name of the Vulnerable Software and Affected Versions XWiki versions prior to 9.15.7 Description The XWiki blog application is susceptible to Stored Cross-Site Scripting XSS through the Blog Post Title. The issue occurs because the post title is directly inserted into the HTML tag without...
Design/Logic Flaw
Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?tofield=id&popup=1 title parameter at admin/blog/blogpost/add/...